# HG changeset patch # User Pascal Bellard # Date 1314359859 -7200 # Node ID 149e9a44c47412a44255d9babe7ba529f9856c7a # Parent 7005bc30066e8441067304706dae0d1e20053b07 apache: add range-CVE-2011-3192 fix diff -r 7005bc30066e -r 149e9a44c474 apache/receipt --- a/apache/receipt Sat Aug 20 22:16:05 2011 +0200 +++ b/apache/receipt Fri Aug 26 13:57:39 2011 +0200 @@ -42,6 +42,8 @@ cp -a $_pkg/var $fs cp -a $stuff/apache $fs/etc/init.d + mkdir -p $fs/etc/apache/extra + cp -a $stuff/fix-range-CVE-2011-3192.conf $fs/etc/apache/extra sed -i -e 's|User daemon|User www|' -e 's|Group daemon|Group www|' \ -e 's|ServerAdmin you@example.com|ServerAdmin root@localhost|' \ diff -r 7005bc30066e -r 149e9a44c474 apache/stuff/fix-range-CVE-2011-3192.conf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/apache/stuff/fix-range-CVE-2011-3192.conf Fri Aug 26 13:57:39 2011 +0200 @@ -0,0 +1,8 @@ +# From http://thread.gmane.org/gmane.comp.apache.announce/58 +# Drop the Range header when more than 5 ranges. +# CVE-2011-3192 +SetEnvIf Range (,.*?){5,} bad-range=1 +RequestHeader unset Range env=bad-range + +# optional logging. +#CustomLog logs/range-CVE-2011-3192.log common env=bad-range
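Review bot: In the apache/receipt hunk, the two added lines install fix-range-CVE-2011-3192.conf under $fs/etc/apache/extra, but nothing visible adds an Include for it to the main configuration, so the mitigation may ship inactive. If the sed command that follows (cut off in this hunk) does not already do so, add an `Include` line for /etc/apache/extra/fix-range-CVE-2011-3192.conf there, or state in the commit message that enabling it is left to the administrator.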
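Review bot: In the new apache/stuff/fix-range-CVE-2011-3192.conf, `RequestHeader unset Range env=bad-range` depends on mod_headers and the `SetEnvIf` line depends on mod_setenvif, and the file neither checks nor documents either requirement. Add a comment at the top naming both modules. Prefer that over wrapping the directives in `<IfModule>`, which would skip the mitigation silently when a module is missing. Since the `CustomLog` line is commented out, stripped Range headers leave no record, so the comment should also say that uncommenting it is the way to see when the rule fires.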